At 02:55 PM 10/28/2010, Brielle Bruns wrote:
Okay, so this has my head hurting a bit just trying to figure out just how this is possible and what kind of equipment would pull this stunt.
misconfig of a p2p addr somewhere? perhaps someone used 0.0.0.0/30 as a p2p addr for kicks. e.g. I just tried this at home.

on a next hop router,

    # ifconfig igb1 0.0.0.0/30 alias

on a node/workstation behind the above router

    0(i5)# ifconfig em0 0.0.0.1/30 alias
    0(i5)# route add 173.194.32.104 0.0.0.0
    0(i5)# telnet -s 10.255.255.27 173.194.32.104 80
    Trying 173.194.32.104...
    Connected to yyz06s05-in-f104.1e100.net.
    Escape character is '^]'.

And looking for the arp who has, it is indeed asking for 0.0.0.0's MAC addr for the next hop.

    15:07:38.308758 00:15:17:ed:36:e5 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 0.0.0.0 tell 0.0.0.1, length 46
    15:07:38.308764 00:30:48:94:88:21 > 00:15:17:ed:36:e5, ethertype ARP (0x0806), length 42: Reply 0.0.0.0 is-at 00:30:48:94:88:21, length 28

---Mike
Tracing from here (cableone cable modem) to the outside world, I end up with the following at the beginning of my traceroute.
     1  192.168.1.1 (192.168.1.1)  2.759 ms  0.803 ms  0.769 ms
     2  0.0.0.0 (0.0.0.0)  10.462 ms  9.543 ms  8.043 ms
     3  192.168.32.65 (192.168.32.65)  9.984 ms  9.654 ms  9.570 ms
     4  te-4-4.car2.seattle1.level3.net (4.53.146.117)  25.960 ms  21.798 ms  24.144 ms
    .... etc
0.0.0.0 as one of the hops. So, I pulled out LFT to make sure traceroute isn't going nuts.
    Layer Four Traceroute (LFT) version 3.1
    Using device en1, 192.168.1.101:53
    TTL LFT trace to 207.70.17.213:80/tcp
     1  192.168.1.1 0.9/0.9ms
     2  /9.8/10.3ms
     3  192.168.32.65 9.7/8.3ms
     4  10.255.255.1 9.1/8.4ms
     5  te-4-4.car2.seattle1.level3.net (4.53.146.117) 29.0/20.2ms
Fun, no entry for hop 2, plus there's an extra hop at #4. Let's use verbose.
    Layer Four Traceroute (LFT) version 3.1 ... (verbosity level 2)
    Using device en1, 192.168.1.101:53
    SENT TCP TTL=1 SEQ=648736948 FLAGS=0x2 ( SYN )
    SENT TCP TTL=2 SEQ=648736949 FLAGS=0x2 ( SYN )
    RCVD ICMP SEQ=648736948 SRC=192.168.1.1 PTTL=1 PSEQ=648736948
    SENT TCP TTL=3 SEQ=648736950 FLAGS=0x2 ( SYN )
    SENT TCP TTL=4 SEQ=648736951 FLAGS=0x2 ( SYN )
    SENT TCP TTL=5 SEQ=648736952 FLAGS=0x2 ( SYN )
    SENT TCP TTL=6 SEQ=648736953 FLAGS=0x2 ( SYN )
    RCVD ICMP SEQ=648736949 SRC=0.0.0.0 PTTL=2 PSEQ=648736949
    SENT TCP TTL=7 SEQ=648736954 FLAGS=0x2 ( SYN )
    RCVD ICMP SEQ=648736950 SRC=192.168.32.65 PTTL=3 PSEQ=648736950
    RCVD ICMP SEQ=648736951 SRC=10.255.255.1 PTTL=4 PSEQ=648736951
    RCVD ICMP SEQ=648736953 SRC=4.68.105.30 PTTL=6 PSEQ=648736953
Am I going nuts, or is something really messed up somewhere upstream from the cable modem? To quote someone from IRC who's just as confused, "the null route just talked to me".
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
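
An added example, not part of either poster's message: a small Python check that parses classic traceroute output like the trace quoted above and labels each hop whose reported source address is not globally routable, separating the 0.0.0.0/8 "this network" block from ordinary private space. The function names and the category labels are assumptions made for this illustration; the sample input is constructed from the hops quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: the four traceroute hops quoted in the thread.
SAMPLE = """\
 1  192.168.1.1 (192.168.1.1)  2.759 ms  0.803 ms  0.769 ms
 2  0.0.0.0 (0.0.0.0)  10.462 ms  9.543 ms  8.043 ms
 3  192.168.32.65 (192.168.32.65)  9.984 ms  9.654 ms  9.570 ms
 4  te-4-4.car2.seattle1.level3.net (4.53.146.117)  25.960 ms  21.798 ms  24.144 ms
"""

# 0.0.0.0/8 covers both 0.0.0.0 and the 0.0.0.1 used in the /30 experiment.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")

# "<ttl> <name> (<ipv4>) ..." as printed by classic traceroute.
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d+\.\d+\.\d+\.\d+)\)", re.MULTILINE)


def classify(addr):
    """Label an IPv4 address by the kind of space it belongs to."""
    ip = ipaddress.ip_address(addr)
    # Order matters: Python's is_private is also true for 0.0.0.0/8,
    # loopback and link-local, so test the narrower blocks first.
    if ip in THIS_NETWORK:
        return "this-network"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        return "non-global"
    return "global"


def parse_hops(text):
    """Return [(ttl, address)] for every hop line that carries an address."""
    return [(int(m.group(1)), m.group(2)) for m in HOP_RE.finditer(text)]


def flag_hops(text):
    """Return [(ttl, address, label)] for hops outside global address space."""
    flagged = []
    for ttl, addr in parse_hops(text):
        label = classify(addr)
        if label != "global":
            flagged.append((ttl, addr, label))
    return flagged


if __name__ == "__main__":
    for ttl, addr, label in flag_hops(SAMPLE):
        print(f"hop {ttl}: {addr} ({label})")
```
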